In message <[email protected]>, Martin Rex writes:
> Viktor Dukhovni wrote:
> >
> > > RFC 103[45] say what to return if the name exists and
> > > the type doesn't and it isn't NOTIMP.
> >
> > In this case the name does not exist, so the nameserver should be
> > returning NXDOMAIN, but it snatches defeat from the jaws of victory
> > and indeed returns "NOTIMP":
> >
> > ; <<>> DiG 9.8.0rc1 <<>> +norecur -t TYPE52
> > _25._tcp.mail.protection.outlook.com. @ns1-proddns.glbdns.o365filtering.com.
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOTIMP, id: 4960
> > ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> >
> > which 8.8.8.8 relayed as SERVFAIL. If there is someone from
> > Microsoft on this list, please forward a pointer to thread to the
> > appropriate interested parties.
>
>
> I haven't looked at any of the other stuff (from this discussion),
> but this latter appears to be a major goof in Google's DNS server.
>
> Forwarding NOTIMP (=permanent, do not retry) as a temporary
> RC (SERVFAIL) is pretty unreasonable on my scorecard.

NOTIMP causes a recursive server to try other servers or, if it was
an EDNS query, to try a plain DNS query. REFUSED causes a recursive
server to try other servers. SERVFAIL causes a recursive server
to try other servers. When you exhaust the list of servers you
return SERVFAIL.

NOTIMP, REFUSED and SERVFAIL are not authoritative responses.

> -Martin
> _______________________________________________
> dane mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dane
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: [email protected]
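
The retry rules stated in the reply above, as a small Python model showing why a recursive server ends up answering SERVFAIL when every authoritative server says NOTIMP. This is an added example, not code from the thread or from any resolver; the server names and canned responses are constructed, and the same-server plain-DNS retry is one reading of the rule as stated.

```python
# Simplified model of the retry rules stated in the reply above; not BIND or
# Google Public DNS code. Server names and canned responses are constructed.
NON_AUTHORITATIVE = {"NOTIMP", "REFUSED", "SERVFAIL"}

def resolve(servers, use_edns=True):
    """Walk the server list and return (rcode sent to the client, trace).

    `servers` maps a server name to a callable taking edns (bool) and
    returning the RCODE that server answers with.
    """
    trace = []
    for name, answer in servers.items():
        edns = use_edns
        while True:
            rcode = answer(edns)
            trace.append((name, "EDNS" if edns else "plain", rcode))
            if rcode == "NOTIMP" and edns:
                edns = False      # EDNS query got NOTIMP: retry as plain DNS
                continue
            break
        if rcode not in NON_AUTHORITATIVE:
            return rcode, trace   # NOERROR / NXDOMAIN: usable answer
        # NOTIMP, REFUSED, SERVFAIL: not authoritative, try the next server
    return "SERVFAIL", trace      # list exhausted


# Constructed scenario 1: every authoritative server answers NOTIMP for the
# unknown type, as in the dig output quoted in the thread.
ALL_NOTIMP = {
    "ns1.example.net.": lambda edns: "NOTIMP",
    "ns2.example.net.": lambda edns: "NOTIMP",
}

# Constructed scenario 2: first server fails on EDNS only; second is not asked.
EDNS_ONLY_BROKEN = {
    "ns1.example.net.": lambda edns: "NOTIMP" if edns else "NXDOMAIN",
    "ns2.example.net.": lambda edns: "REFUSED",
}

if __name__ == "__main__":
    for label, servers in (("all NOTIMP", ALL_NOTIMP),
                           ("EDNS-only failure", EDNS_ONLY_BROKEN)):
        rcode, trace = resolve(servers)
        print(label, "->", rcode)
        for step in trace:
            print("   ", *step)
```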
